Kasper Bertelsen warns that several vulnerabilities he discovered in Joomla's Helpdesk Pro can lead to remote code execution on hosts hosting the Web application.
Helpdesk Pro is an extension of Joomla that allows administrators and users to use support bids.
Here are some websites that use this plugin: eBay, Heathrow Airport, and the Australian Supreme Court.
Vulnerabilities were discovered by Simon Rawet, Kristian Varnai, and Gregor Mynarsky, and include: direct object references, cross-site scripting, SQL injection, local file injection, arbitrary file upload.
"[Vulnerabilities] leave systems vulnerable to a wide variety of attack types, resulting in the disclosure of potentially sensitive information, but also to the complete acquisition of the server with arbitrary code execution," they say.
Vulnerabilities work because downloading attachments and upload services do not restrict anyone from downloading files.
So an attacker can download the configuration.php file, for example, which contains sensitive information such as user names, database passwords, and FTP credentials.